Analysis
- max time kernel: 117s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 11-12-2024 08:01
Behavioral task behavioral1
- Sample: e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
- Resource: win7-20240903-en
Behavioral task behavioral2
- Sample: e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
- Resource: win10v2004-20241007-en
General
- Target: e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
- Size: 167KB
- MD5: e08d6963abd974a0dcc9bc86f67edf4e
- SHA1: 6b7f8c57d6f67540b4545bd1bd52a4818516ca59
- SHA256: 7ab5cc70f8b5777a3c55d6b9a84500d1796af80f3d558ba62516f21f384fbaa3
- SHA512: 8315191960b1e0f60d76c6c0c2539a85de05050d75731fdb5227edc6696a47545687a39921939d877e52fecad432536b5a12b6a086d94f3da7951b4b6f739689
- SSDEEP: 3072:4rI+ZEBpDEdMYsQj0pK/TYcIR2VYYYS2zUYYvYYUpo97:4X6u7e
Malware Config
Signatures
-
Detected Xorist Ransomware 4 IoCs
resource yara_rule
behavioral1/memory/2580-9570-0x0000000000400000-0x000000000045C000-memory.dmp family_xorist
behavioral1/memory/2580-9571-0x0000000000400000-0x000000000045C000-memory.dmp family_xorist
behavioral1/memory/2580-9825-0x0000000000400000-0x000000000045C000-memory.dmp family_xorist
behavioral1/memory/2580-9826-0x0000000000400000-0x000000000045C000-memory.dmp family_xorist
-
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
-
Xorist family
-
Renames multiple (2531) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 8 IoCs
description ioc Process
File created C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification C:\Windows\SysWOW64\drivers\gmreadme.txt e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
-
Drops startup file 1 IoCs
description ioc Process
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hSP6F4R7K4sd3y4.exe" e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
-
Drops file in System32 directory 64 IoCs
-
resource yara_rule
behavioral1/memory/2580-7-0x0000000000400000-0x000000000045C000-memory.dmp upx
behavioral1/memory/2580-9570-0x0000000000400000-0x000000000045C000-memory.dmp upx
behavioral1/memory/2580-9571-0x0000000000400000-0x000000000045C000-memory.dmp upx
behavioral1/memory/2580-9825-0x0000000000400000-0x000000000045C000-memory.dmp upx
behavioral1/memory/2580-9826-0x0000000000400000-0x000000000045C000-memory.dmp upx
-
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 64 IoCs
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
-
Modifies registry class 10 IoCs
description ioc Process
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ITRMMXILISAOBTR\ = "CRYPTED!" e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ITRMMXILISAOBTR\shell e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ITRMMXILISAOBTR\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hSP6F4R7K4sd3y4.exe" e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ITRMMXILISAOBTR" e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ITRMMXILISAOBTR e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ITRMMXILISAOBTR\DefaultIcon e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ITRMMXILISAOBTR\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hSP6F4R7K4sd3y4.exe,0" e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ITRMMXILISAOBTR\shell\open\command e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ITRMMXILISAOBTR\shell\open e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe"
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2580
Network
MITRE ATT&CK Enterprise v15
Downloads
SHA17c0e4c4bd445b6e73144a272cd36e1324487f04f
SHA25692dd7183705135e292170b9f3f5286b1a5e93f9ba80ebbef4f0847097a18534d
SHA512bd0ec42fd544c68adb60919385df54a9dc008fbad22de3473458610f3ff1d9b80cbd472680dc133940e631c351f59a3ad0bdd6a18d6b1dea9efccb6115407bd5
-
Filesize
914B
MD53fb15dafa06586e7dc33b6296bb0d888
SHA1f15d1795db2c010970405f677003ebb65395b5d7
SHA2564033aebe6bebbbdfe94beee155925c461165e51382ba75cdd93eb35732c213ef
SHA512c91a4cae2fd45a0290a0ea7432fe8d2d4d605039b90a7f54368ffbeb5fdbd7aabf5ebe8d6a3042686e23d626890bb052224ad9d26fdc9c071c910f1de5bb08bd
-
Filesize
90B
MD5c3abe78fd5837bf035798c7b816af5fb
SHA17f50450cc109d00fc8ba7fe490128afe466de0f7
SHA256974fe6ba7a2e611e2befa57a2366c44c20520f7085a7ac00a64e535e8978ee59
SHA5129b5c6d6ba0b91dd249e5a4c40027257595a4e79cde4bf2bafb1db0b3b1b4239ecff6c4757b9a5bea4b7d6a4880fb231efbc3d6bea97df5d5a91b82f0bd1ad8c9
-
Filesize
90B
MD591a0a7b8c2d9a111fc7c10acd975ab93
SHA1fcb8cb2dbac67e2922dcb1de9d37741180ac2200
SHA256c8b22def06ecab1bffb7c4bcb09b7150676c0707b135aa6362b3e32e9f30db73
SHA5123bcdcef51c83925548c5179cdf52a2512ec8947560da85702d3b46fb9ed343b88371e2e8788e1b2326041081467e7636c7de1f01f0e782c77da0ff2288e21703
-
Filesize
328B
MD51a1d381e1d130f957a227e3402cdbc60
SHA13e5976991b97bdd481dd36957c54e41aa9dcd9dd
SHA25679c82725ad7202fde2a12fd6ba414601cf211049cffa0215daecb68fb55b2f14
SHA512585be953fb0f06dbd07d2a95253fa829dc1ca8611caa90d30c89d9f2ebdd21bdf146de1bc4fa6a05b519e5cca5265b9389068e148ae95b63baa78b785e8862a1
-
Filesize
1KB
MD5bec64a2f6ac55c7835d193be3c3ee9c6
SHA1d77334e9329b5e3e7546be71f7a7e776b939e2e7
SHA2564166d40220c459c03afb2f083c99278c75485bce0200c0ed18d33a04be78c450
SHA512e4a5d87b4d1af90402678e5e393cd60619292190f03697d2bb1d98d05c5167feb5594da48a5f95db43b6590116ceeb220a49f4f989a4fe4137f1d027b8395edf
-
Filesize
162B
MD55f3cb496aa9c4143b46d5b93990e2ea8
SHA16e757737cd0afdb78c43a582e6f7e3359c186e64
SHA256989c57f1151285b622fef9429d8ba0437814a09fae56aab0d4cd11205e60f942
SHA512fd3a0fe8d04771ff83f173de0a2ffe548bc33323f22b02a811a62dd2687fa3cf25f239ba3a9a6477f8f19aeb195b9042df67735b120d03fb3d8b7748e71c3dd9
-
Filesize
586B
MD5e32d9bf7adb2047bf292fa3aa0072c24
SHA12f24b2c5e9456c7b0b457bc32e84f77f8f88edcb
SHA25668225918a62b508ad11c616be14cb888d39480a8bff0ab8c72e322ce10339ed7
SHA512489cdc8a4f084c75c2883cf30ef74af6531e5552dddd3f5170ea07d967043aac120ab7687a635d92434a3646261d6c3d2fb9eee82da16306a9e33108b5798944
-
Filesize
124B
MD5c0cd80923a2a087599b7afc2f575332c
SHA1473c3b183c393fb75d26bb7768d5e9f326313146
SHA256d5ab7240b560e1e761a2473a115b14dedc6dcaff466c4dc1ac95364c85776bb5
SHA5120d90cffa3d2b6e3ff41a3fe86f039f30343418825c2d83eb19e0d8a0d7da8a7b1d325b78ac66ece4fb1d68b83a4f4ee01c19a29e769bddf13a6850e76ffaf839
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
Filesize65B
MD5d6f0f6fc1ba217da1b0ffbf198e5ae72
SHA1f1047aa675d7710f222d2f671157940e3b9923ea
SHA256c11278970c8edee49cb821e26a8c161778ad07643e58ebad7b7b7074eae101f7
SHA512840f102731258bbf12e931d9a15eea70b0f11a0d05de79eef56fe545febba495f2caf71427655b12038cd9f0cba51ccfc237935a1ff90a1a5a3dc2c43a9214bd
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
Filesize65B
MD599883e4ff825f96937d5ce41c63e4cb6
SHA1447b5a9a39d0539acb038a62ba3a87af864ca8e4
SHA256afc76e72295f02347e422bb6905e709ba37d651b70c65f83b865fa576a9cf654
SHA5120d85a8b08d8a7b886549b5fa5b8d01e22ff55f2f5950b1952024771d4f4a6ae7a2ab5654636620d4a98373473eb6318cb721f864e2d38a9805ee36cf06080ae4
-
Filesize
8KB
MD5428a2d59b920bf12563ffa39c58b6a98
SHA17d2dbf8487c7b04c2afddfa4af0f0f7a7e1d9daa
SHA2568566f6e66975382ff313ca82bb83f52623a5de52b6c42f2fc078ae99aae3d0b0
SHA51209f7b178f6793248a9597ca3831a530721aaac9e9681b5358fe31af7c277b03fa6e71771551927e36b993bc0ef06dd87d9cbceb2d63f9270098fa0b14966d072
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif
Filesize65B
MD5a9a7602a94b1289896d5976ac77afc72
SHA1af9aecb7d399722a0735760f9ab2d3ea1ed38933
SHA2567c68407f107bcf206b4e2101f86f04b34e0c14df8319c771e6d3a08fe66e20d4
SHA512cffede1e9727912035db5c66f90c010c717ff93a50dbc4230b88f660db906a5e0016c1a990bcdafb47be0b28f8e2787aa7aeab5efadce4bac0372c3871de850d
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif
Filesize65B
MD50d718c0def2f2163475f0759b14d0484
SHA17c76908169780975a392548550b7e1b87aa44b78
SHA25657acdb07130122056b09da925b254e12b80ca640e08460ff40de19d04bdff9a5
SHA512eae4741d3660a3c7485326aa39da593945507fc9b7e7ce5fc2b4d71417edadd316611bc7e57216c3668ecef87285362c806c092659404c8bab2c4a0e0b853b15
-
Filesize
880B
MD5fb1fc16fb6691647e700d16cc25a64a5
SHA19bb8bfc1bc8202175c9679ef17cb3b915d7779da
SHA256bc8a225f9bad69badc1db203912d9819b1a4d334b3295d588c3739113e2768c0
SHA5120875e17df74878aec20076c0455ed507dbcf25ca39932e74265d15840ac6fb9933bfba1893486127bdd91663c7277bb0edfb4b1e80b2e42de226befc1fb56aff
-
Filesize
32KB
MD52736df30bd3d3c1b11a8319f2b83ab8a
SHA17202b5e5623fd5c6b09177ba9d66dfdf6b30b7d5
SHA256482b79f30778134526f88f61a2b76f63bac4919278acc7990e6e27bbff989aaa
SHA512e14eb86bc0a1c3917671df47e9b1e7f8f223187d21c236298970bc801f841175dbc1fd6b3ced76816a532064662aeb24f3d5b7b5ca66c7ad38d3171508f89047